HHS issues new guidance on SamSam ransomware

HHS' Healthcare Cybersecurity and Communications Integration Center released a report on March 30 on SamSam, an ongoing ransomware campaign that has targeted the healthcare and government sectors since 2016.

According to the report, obtained by the American Hospital Association, there have already been at least eight SamSam attacks on healthcare and government organizations since the beginning of 2018. These include attacks on two Indiana-based hospitals and on EHR provider Allscripts, which faces a class-action lawsuit as a result of the attack.

"The attackers have remained focused on [government and healthcare] ... likely because those systems and networks are critical and any downtime cannot and will not be tolerated, which increases the chance that the victims will pay the ransom," the report reads.

The report outlines mitigation, contingency and business continuity strategies that healthcare organizations can use to reduce the impact of a ransomware attack. One of the HCCIC's core recommendations is to avoid paying a ransom.

Here are four key factors an organization should consider prior to paying a ransom.

1. Paying a ransom does not guarantee an organization will regain access to its data

2. Some victims who paid the ransom demand were later targeted again by cyberattackers

3. After paying an initial ransom, some victims were asked to pay an additional amount to receive the promised decryption key

4. Paying the requested ransom could inadvertently encourage cyberattackers to continue to engage in this type of criminal business model